Add dual support for real bash and busybox's bash(ash)

- modify bash to have it configured with -Os
2024-12-18 12:46:26 +00:00 · 2023-02-08 16:01:48 -05:00 · 2023-02-08 16:01:48 -05:00 · 8da5d5d723
commit 8da5d5d723
parent 6923fb5e20
49 changed files with 62 additions and 60 deletions
--- a/initrd/bin/cbfs-init
+++ b/initrd/bin/cbfs-init
@ -1,4 +1,4 @@
-#!/bin/ash
+#!/bin/bash
 set -e -o pipefail
 . /etc/functions

--- a/initrd/bin/cbfs.sh
+++ b/initrd/bin/cbfs.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -e -o pipefail
 . /etc/functions
 . /tmp/config
--- a/initrd/bin/config-gui.sh
+++ b/initrd/bin/config-gui.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 #
 set -e -o pipefail
 . /etc/functions
--- a/initrd/bin/flash-gui.sh
+++ b/initrd/bin/flash-gui.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 #
 set -e -o pipefail
 . /etc/functions
--- a/initrd/bin/flash.sh
+++ b/initrd/bin/flash.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 #
 # based off of flashrom-x230
 #
--- a/initrd/bin/flashrom-kgpe-d16-openbmc.sh
+++ b/initrd/bin/flashrom-kgpe-d16-openbmc.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 . /etc/functions

 TRACE "Under /bin/flashrom-kgpe-d16-openbmc.sh"
--- a/initrd/bin/generic-init
+++ b/initrd/bin/generic-init
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Boot from a local disk installation

 . /etc/functions
--- a/initrd/bin/gpg-gui.sh
+++ b/initrd/bin/gpg-gui.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 #
 set -e -o pipefail
 . /etc/functions
--- a/initrd/bin/gpgv
+++ b/initrd/bin/gpgv
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # if we are using the full GPG we need a wrapper for the gpgv executable
 . /etc/functions

--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Boot from a local disk installation

 BOARD_NAME=${CONFIG_BOARD_NAME:-${CONFIG_BOARD}} 
--- a/initrd/bin/kexec-boot
+++ b/initrd/bin/kexec-boot
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Launches kexec from saved configuration entries
 set -e -o pipefail
 . /tmp/config
--- a/initrd/bin/kexec-insert-key
+++ b/initrd/bin/kexec-insert-key
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Unseal a disk key from TPM and add to a new initramfs
 set -e -o pipefail
 . /etc/functions
--- a/initrd/bin/kexec-iso-init
+++ b/initrd/bin/kexec-iso-init
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Boot from signed ISO
 set -e -o pipefail
 . /etc/functions
--- a/initrd/bin/kexec-parse-bls
+++ b/initrd/bin/kexec-parse-bls
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -e -o pipefail
 . /etc/functions
 TRACE "Under /bin/kexec-parse-bls"
--- a/initrd/bin/kexec-parse-boot
+++ b/initrd/bin/kexec-parse-boot
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -e -o pipefail
 . /etc/functions

--- a/initrd/bin/kexec-save-default
+++ b/initrd/bin/kexec-save-default
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Save these options to be the persistent default
 set -e -o pipefail
 . /tmp/config
--- a/initrd/bin/kexec-save-key
+++ b/initrd/bin/kexec-save-key
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Generate a TPM key used to unlock LUKS disks
 set -e -o pipefail
 . /etc/functions
--- a/initrd/bin/kexec-seal-key
+++ b/initrd/bin/kexec-seal-key
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # This will generate a disk encryption key and seal / ecncrypt
 # with the current PCRs and then store it in the TPM NVRAM.
 # It will then need to be bundled into initrd that is booted.
--- a/initrd/bin/kexec-select-boot
+++ b/initrd/bin/kexec-select-boot
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Generic configurable boot script via kexec
 set -e -o pipefail
 . /tmp/config
--- a/initrd/bin/kexec-sign-config
+++ b/initrd/bin/kexec-sign-config
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Sign a valid directory of kexec params
 set -e -o pipefail
 . /tmp/config
--- a/initrd/bin/kexec-unseal-key
+++ b/initrd/bin/kexec-unseal-key
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # This will unseal and unecncrypt the drive encryption key from the TPM
 # The TOTP secret will be shown to the user on each encryption attempt.
 # It will then need to be bundled into initrd that is booted with Qubes.
--- a/initrd/bin/key-init
+++ b/initrd/bin/key-init
@ -1,4 +1,4 @@
-#!/bin/ash
+#!/bin/bash
 set -e -o pipefail
 . /etc/functions

--- a/initrd/bin/media-scan
+++ b/initrd/bin/media-scan
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Scan for USB installation options
 set -e -o pipefail
 . /etc/functions
--- a/initrd/bin/mount-usb
+++ b/initrd/bin/mount-usb
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Mount a USB device
 . /etc/functions

--- a/initrd/bin/network-init-recovery
+++ b/initrd/bin/network-init-recovery
@ -1,4 +1,4 @@
-#!/bin/ash
+#!/bin/bash

 . /etc/functions

--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Automated setup of TPM, GPG keys, and disk

 TRACE "Under /bin/oem-factory-reset"
--- a/initrd/bin/oem-system-info-xx30
+++ b/initrd/bin/oem-system-info-xx30
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # System Info

 BOARD_NAME=${CONFIG_BOARD_NAME:-${CONFIG_BOARD}} 
--- a/initrd/bin/poweroff
+++ b/initrd/bin/poweroff
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 . /etc/functions

 TRACE "Under /bin/poweroff"
--- a/initrd/bin/qubes-measure-luks
+++ b/initrd/bin/qubes-measure-luks
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Measure all of the luks disk encryption headers into
 # a PCR so that we can detect disk swap attacks.
 . /etc/functions
--- a/initrd/bin/reboot
+++ b/initrd/bin/reboot
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 . /etc/functions

 TRACE "Under /bin/reboot"
--- a/initrd/bin/seal-hotpkey
+++ b/initrd/bin/seal-hotpkey
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Retrieve the sealed TOTP secret and initialize a USB Security dongle with it

 . /etc/functions
--- a/initrd/bin/seal-totp
+++ b/initrd/bin/seal-totp
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Generate a random secret, seal it with the PCRs
 # and write it to the TPM NVRAM.
 #
--- a/initrd/bin/t430-flash.init
+++ b/initrd/bin/t430-flash.init
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Initialize the USB and network device drivers,
 # invoke a recovery shell and prompt the user for how to proceed

@ -23,4 +23,4 @@ echo '  mount -o ro /dev/sdb1 /media'
 echo '  flash.sh /media/t430.rom'
 echo ''

-exec /bin/ash
+exec /bin/bash
--- a/initrd/bin/tpm-reset
+++ b/initrd/bin/tpm-reset
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 . /etc/functions

 if [ "$CONFIG_TPM" = "y" ]; then
--- a/initrd/bin/tpmr
+++ b/initrd/bin/tpmr
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # TPM Wrapper - to unify tpm and tpm2 subcommands

 . /etc/functions
--- a/initrd/bin/uefi-init
+++ b/initrd/bin/uefi-init
@ -1,4 +1,4 @@
-#!/bin/ash
+#!/bin/bash
 set -e -o pipefail
 . /etc/functions

--- a/initrd/bin/unseal-hotp
+++ b/initrd/bin/unseal-hotp
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Retrieve the sealed file and counter from the NVRAM, unseal it and compute the hotp

 . /etc/functions
--- a/initrd/bin/unseal-totp
+++ b/initrd/bin/unseal-totp
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Retrieve the sealed file from the NVRAM, unseal it and compute the totp

 . /etc/functions
--- a/initrd/bin/usb-init
+++ b/initrd/bin/usb-init
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Boot a USB installation

 . /etc/functions
--- a/initrd/bin/wget-measure.sh
+++ b/initrd/bin/wget-measure.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # get a file and extend a TPM PCR
 . /etc/functions

--- a/initrd/bin/x230-flash.init
+++ b/initrd/bin/x230-flash.init
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Initialize the USB and network device drivers,
 # invoke a recovery shell and prompt the user for how to proceed

@ -25,4 +25,4 @@ echo '  mount -o ro /dev/sdb1 /media'
 echo '  flash.sh /media/x230.rom'
 echo ''

-exec /bin/ash
+exec /bin/bash
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Shell functions for most initialization scripts

 die() {
@ -51,9 +51,9 @@ recovery() {
 		sleep 1

 		if [ -x /bin/setsid ]; then
-			/bin/setsid -c /bin/ash
+			/bin/setsid -c /bin/bash
 		else
-			/bin/ash
+			/bin/bash
 		fi
 	done
 }
--- a/initrd/etc/gui_functions
+++ b/initrd/etc/gui_functions
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Shell functions for common operations using fbwhiptail
 . /etc/functions

--- a/initrd/etc/luks-functions
+++ b/initrd/etc/luks-functions
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Reencrypt LUKS container and change Disk Recovery Key associated passphrase (Slot 0: main slot)

 . /etc/functions
--- a/initrd/etc/passwd
+++ b/initrd/etc/passwd
@ -1 +1 @@
-root:x:0:0:root:/:/bin/ash
+root:x:0:0:root:/:/bin/bash
--- a/initrd/init
+++ b/initrd/init
@ -1,4 +1,4 @@
-#!/bin/ash
+#!/bin/bash
 mknod /dev/ttyprintk c 5 3
 echo "hello world" > /dev/ttyprintk

@ -30,12 +30,14 @@ if [ ! -r /dev/ptmx ]; then
 	ln -s /dev/pts/ptmx /dev/ptmx
 fi

-
-[ -a /dev/stdin ] || ln -s /proc/self/fd/0 /dev/stdin
-[ -a /dev/stdout ] || ln -s /proc/self/fd/1 /dev/stdout
-[ -a /dev/stderr ] || ln -s /proc/self/fd/2 /dev/stderr
 # Needed by bash
-[ -a /dev/fd ] || ln -s /proc/self/fd /dev/fd
+if ! [ -L /bin/bash ]; then
+	# /bin/bash is not a symbolink link (not busybox)
+	[ -a /dev/stdin ] || ln -s /proc/self/fd/0 /dev/stdin
+	[ -a /dev/stdout ] || ln -s /proc/self/fd/1 /dev/stdout
+	[ -a /dev/stderr ] || ln -s /proc/self/fd/2 /dev/stderr
+	[ -a /dev/fd ] || ln -s /proc/self/fd /dev/fd
+fi

 # Recovery shells will erase anything from here
 mkdir -p /tmp/secret
@ -116,7 +118,7 @@ if [ "$boot_option" = "r" ]; then
 	if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = "y" ]; then
 		tpmr extend -ix 4 -ic recovery
 	fi
-	exec /bin/ash
+	exec /bin/bash
 	exit
 fi

@ -173,4 +175,4 @@ fi
 if [ "$CONFIG_TPM" = "y" -o "$CONFIG_TPM2_TOOLS" = y ]; then
 	tpmr extend -ix 4 -ic recovery
 fi
-exec /bin/ash
+exec /bin/bash
--- a/initrd/mount-boot
+++ b/initrd/mount-boot
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # Extract the GPG signed dmsetup configuration from
 # the header of the file system, validate it against
 # the trusted key database, and execute it to mount
--- a/initrd/sbin/config-dhcp.sh
+++ b/initrd/sbin/config-dhcp.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash

 # udhcpc script

--- a/initrd/sbin/insmod
+++ b/initrd/sbin/insmod
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # extend a TPM PCR with a module and then load it
 # any arguments will also be measured.
 # The default PCR to be extended is 5, but can be